CVE-2008-5360 — Stack-based Buffer Overflow in JDK

CWE-121 — Stack-based Buffer Overflow9 documents6 sources

Severity

6.4MEDIUMNVD

EPSS

3.7%

top 11.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN JDK SUN JRE SUN SDK

Timeline

PublishedDec 5

Latest updateMay 13

Description

Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknown vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages3 packages

▶NVDsun/jdk1.5.0, 1.6.0+1

▶NVDsun/jre44 versions+43

▶NVDsun/sdk49 versions+48

Patches

Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-grv8-692r-c98h: Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5↗2022-05-13

▶

CVEList

CVE-2008-5360: Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5↗2008-12-05

▶

📋Vendor Advisories

Ubuntu

openjdk-6 vulnerabilities↗2009-01-27

▶

Red Hat

OpenJDK temporary files have guessable file names (6721753)↗2008-12-04

▶

Red Hat

tog-pegasus pam authentication buffer overflow↗2008-01-08

▶

Red Hat

tog-pegasus pam authentication buffer overflow↗2008-01-07

▶

Red Hat

CVE-2008-0495: Unspecified vulnerability in the Pegasus CIM Server in IBM Hardware Management Console (HMC) 7 R3↗

▶

💬Community

Bugzilla

CVE-2008-5360 OpenJDK temporary files have guessable file names (6721753)↗2008-11-19

▶